SQL database instances should have automated backups enabled

Description:

All SQL database instances should have automated backups enabled.

Rationale:

Backups provide a way to restore a Cloud SQL instance, to recover lost data, or to recover from a problem with that instance. Enable automated backups for any instance that contains data that should be protected from loss or damage. This recommendation is applicable for SQL Server, PostgreSQL, MySQL generation 1 and MySQL generation 2 instances.

Impact:

Automated backups increase the required storage size and may affect the costs associated with it.

Remediation:

From the console

  1. Go to the Cloud SQL Instances page in the Google Cloud Console: https://console.cloud.google.com/sql/instances
  2. Select the instance where the backups need to be configured.
  3. Click Edit.
  4. In the Backups section, check ‘Enable automated backups’, and choose a backup window.
  5. Click Save.

From the command line

  1. List all Cloud SQL database instances using the following command:
    gcloud sql instances list
    
  2. Enable automated backups for a Cloud SQL database instance by running:
    gcloud sql instances patch <INSTANCE_NAME> --backup-start-time <[HH:MM]>
    

The backup-start-time parameter is specified in 24-hour time, in the UTC±00 time zone, and specifies the start of a 4-hour backup window. Backups can start any time during the backup window.
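
To find which instances still need the patch, the JSON form of the list command can be checked in bulk. The following is an added example, not part of the original benchmark text: it assumes the output of `gcloud sql instances list --format=json`, where each instance reports `settings.backupConfiguration.enabled`, and it uses a constructed sample inventory with made-up instance names.

```python
import json
import re
import shlex
import sys

# Constructed sample in the shape of `gcloud sql instances list --format=json`
# (trimmed to the fields used here; instance names are made up).
SAMPLE_INVENTORY = json.dumps([
    {"name": "orders-db", "databaseVersion": "POSTGRES_14",
     "settings": {"backupConfiguration": {"enabled": True, "startTime": "02:00"}}},
    {"name": "legacy-mysql", "databaseVersion": "MYSQL_5_7",
     "settings": {"backupConfiguration": {"enabled": False}}},
    {"name": "reports-mssql", "databaseVersion": "SQLSERVER_2019_STANDARD",
     "settings": {}},  # no backupConfiguration block at all
])

START_TIME_RE = re.compile(r"([01]\d|2[0-3]):[0-5]\d")  # 24-hour HH:MM (UTC)


def instances_without_backups(inventory_json):
    """Return names of instances whose automated backups are not enabled."""
    failing = []
    for inst in json.loads(inventory_json):
        cfg = (inst.get("settings") or {}).get("backupConfiguration") or {}
        # A missing block or a missing/false flag both count as not enabled.
        if cfg.get("enabled") is not True:
            failing.append(inst["name"])
    return failing


def remediation_commands(names, start_time):
    """Build the patch command from the remediation steps for each instance."""
    if not START_TIME_RE.fullmatch(start_time):
        raise ValueError(f"backup start time must be 24-hour HH:MM, got {start_time!r}")
    return [
        f"gcloud sql instances patch {shlex.quote(n)} --backup-start-time {start_time}"
        for n in names
    ]


if __name__ == "__main__":
    # Pipe real gcloud output in, or run from a terminal to use the sample.
    data = SAMPLE_INVENTORY if sys.stdin.isatty() else sys.stdin.read()
    failing = instances_without_backups(data)
    for cmd in remediation_commands(failing, "02:00"):
        print(cmd)
    sys.exit(1 if failing else 0)
```

The script prints the commands rather than running them, and exits non-zero when any instance fails the check, so it can gate a scheduled compliance job.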

Default value:

By default, automated backups are not configured for Cloud SQL instances. Data backup is not possible on any Cloud SQL instance unless Automated Backup is configured.

References:

  1. https://cloud.google.com/sql/docs/mysql/backup-recovery/backups
  2. https://cloud.google.com/sql/docs/postgres/backup-recovery/backing-up

CIS controls:

Version 8: 11.2 Perform Automated Backups. Perform automated backups of in-scope enterprise assets. Run backups weekly, or more frequently, based on the sensitivity of the data.